Picking your brain about password policy.
I was checking a few password management best practices, and some of them discourage the "forcing users to change the password" policy; they advise that users change their passwords if they suspect it's been compromised. I still believe that forcing users to change their password, coupled with other password policies, can really make a password more secure. I was wondering if anyone out there gave up on forcing users to change the password and what the reason for that was.
Thanks as always...
I make my users change their passwords once a year. This keeps passwords fairly fresh while not being onerous to the users.